lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <aNJvD53QPva4Z7yo@gondor.apana.org.au>
Date: Tue, 23 Sep 2025 17:57:35 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Shivani Agarwal <shivani.agarwal@...adcom.com>
Cc: davem@...emloft.net, smueller@...onox.de, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, bcm-kernel-feedback-list@...adcom.com,
	ajay.kaher@...adcom.com, alexey.makhalov@...adcom.com,
	tapas.kundu@...adcom.com, vamsi-krishna.brahmajosyula@...adcom.com,
	srinidhi.rao@...adcom.com, stable@...r.kernel.org
Subject: Re: [PATCH] crypto: zero initialize memory allocated via sock_kmalloc

On Tue, Sep 23, 2025 at 12:45:15AM -0700, Shivani Agarwal wrote:
>
> diff --git a/crypto/af_alg.c b/crypto/af_alg.c
> index ca6fdcc6c54a..6c271e55f44d 100644
> --- a/crypto/af_alg.c
> +++ b/crypto/af_alg.c
> @@ -1212,15 +1212,14 @@ struct af_alg_async_req *af_alg_alloc_areq(struct sock *sk,
>  	if (unlikely(!areq))
>  		return ERR_PTR(-ENOMEM);
>  
> +	memset(areq, 0, areqlen);
> +
>  	ctx->inflight = true;
>  
>  	areq->areqlen = areqlen;
>  	areq->sk = sk;
>  	areq->first_rsgl.sgl.sgt.sgl = areq->first_rsgl.sgl.sgl;
> -	areq->last_rsgl = NULL;
>  	INIT_LIST_HEAD(&areq->rsgl_list);
> -	areq->tsgl = NULL;
> -	areq->tsgl_entries = 0;
>  
>  	return areq;
>  }
> diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
> index e3f1a4852737..4d3dfc60a16a 100644
> --- a/crypto/algif_hash.c
> +++ b/crypto/algif_hash.c
> @@ -416,9 +416,8 @@ static int hash_accept_parent_nokey(void *private, struct sock *sk)
>  	if (!ctx)
>  		return -ENOMEM;
>  
> -	ctx->result = NULL;
> +	memset(ctx, 0, len);
>  	ctx->len = len;
> -	ctx->more = false;
>  	crypto_init_wait(&ctx->wait);
>  
>  	ask->private = ctx;
> diff --git a/crypto/algif_rng.c b/crypto/algif_rng.c
> index 10c41adac3b1..1a86e40c8372 100644
> --- a/crypto/algif_rng.c
> +++ b/crypto/algif_rng.c
> @@ -248,9 +248,8 @@ static int rng_accept_parent(void *private, struct sock *sk)
>  	if (!ctx)
>  		return -ENOMEM;
>  
> +	memset(ctx, 0, len);
>  	ctx->len = len;
> -	ctx->addtl = NULL;
> -	ctx->addtl_len = 0;
>  
>  	/*
>  	 * No seeding done at that point -- if multiple accepts are

These changes look good.

> diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
> index 125d395c5e00..f4ce5473324f 100644
> --- a/crypto/algif_skcipher.c
> +++ b/crypto/algif_skcipher.c
> @@ -70,6 +70,7 @@ static int algif_skcipher_export(struct sock *sk, struct skcipher_request *req)
>  	if (!ctx->state)
>  		return -ENOMEM;
>  
> +	memset(ctx->state, 0, statesize);
>  	err = crypto_skcipher_export(req, ctx->state);
>  	if (err) {
>  		sock_kzfree_s(sk, ctx->state, statesize);

But this one should be dropped.  The ctx->state will immediately
be overwritten by crypto_skcipher_export.  Even if it fails, the
memory is immediately freed so no harm is done.

Thanks,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ